[jira] [Comment Edited] (IGNITE-15969) Enabling authentication requires the client node to enable persistence in the configuration

Tue, 07 Dec 2021 06:23:07 -0800 


    [ 
https://issues.apache.org/jira/browse/IGNITE-15969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17454520#comment-17454520
 ] 

Ilya Shishkov edited comment on IGNITE-15969 at 12/7/21, 2:22 PM:
------------------------------------------------------------------

I decided to do not add extra tests, because in my opinion existing test 
provide necessary test coverage after small configuration fixes.


was (Author: shishkovilja):
I decided to do not add extra tests, because in my opinion existing ones after 
configuration fixes provide necessary test coverage.

> Enabling authentication requires the client node to enable persistence in the 
> configuration
> -------------------------------------------------------------------------------------------
>
>                 Key: IGNITE-15969
>                 URL: https://issues.apache.org/jira/browse/IGNITE-15969
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.11
>            Reporter: Ilya Shishkov
>            Assignee: Ilya Shishkov
>            Priority: Major
>              Labels: ise, newbie
>             Fix For: 2.13
>
>         Attachments: ClientNodeAuthFailureReproducer.patch
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> When you start cluster with turned on built-in authentication it requires to 
> enable persistence too [1].
> This requirement seems to be useless for client nodes, because they has no 
> persistence, but without persistence client node would fail during start up 
> with below error:
> {code:java}
> class org.apache.ignite.IgniteCheckedException: Authentication can be enabled 
> only for cluster with enabled persistence. Check the DataRegionConfiguration
>       at 
> org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor.startProcessor(IgniteAuthenticationProcessor.java:166)
>       at org.apache.ignite.internal.IgniteKernal.start(IgniteKernal.java:1259)
>       at 
> org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.start0(IgnitionEx.java:2141)
>       at 
> org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.start(IgnitionEx.java:1787)
>       at org.apache.ignite.internal.IgnitionEx.start0(IgnitionEx.java:1172)
>       at org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:642)
> {code}
> Reproducer: [^ClientNodeAuthFailureReproducer.patch] 
> It slightly modifies AuthenticationConfigurationClusterTest an it leads to 
> failure of tests: the existing #testClientNodeJoinDisabled and added in the 
> patch #testEnabledAuthenticationOnClientNode.
> It seems that here [2] we should add check whether starting up node is client 
> or not:
> {code:java}
>     /** Starts processor. */
>     public void startProcessor() throws IgniteCheckedException {
>         if (!GridCacheUtils.isPersistenceEnabled(ctx.config())) { // here 
> client node fails
>             throw new IgniteCheckedException("Authentication can be enabled 
> only for cluster with enabled persistence."
>                 + " Check the DataRegionConfiguration");
>         }
> {code}
> Links:
>  # [https://ignite.apache.org/docs/latest/security/authentication]
>  # 
> [https://github.com/apache/ignite/blob/master/modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java#L165]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to